New Encryption Bug Allows Decryption of 66% VPN Servers

There's a new vulnerability in town, and it's a critical threat to anyone who uses a VPN, email, or even a browser.

What is Logjam?

Dubbed Logjam, this encryption bug allows man-in-the-middle attacks by using a flow in the Transport Layer Security protocol. Indeed, Logjam would allow a potential attacker to intercept and decrypt the encrypted data flowing from you to websites, mail servers and even VPNs, as all of these use protocols relying on a flawed cryptographic algorithm called the Diffie-Hellman key exchange.

The vulnerability is exploited by downgrading the encryption level of a vulnerable server while still making clients (your web browser or your VPN software) believe that the server still has a high level of encryption. As the encryption level is, in fact, low (512-bit "export-grade" keys), the data is more easily crackable.

The vulnerability affects more than 66% of VPN servers, mainly IPsec-based VPNs.

According to the paper:

"We carried out this computation against the most common 512-bit prime used for TLS and demonstrated that the Logjam attack can be used to downgrade connections to 80 percent of TLS servers supporting DHE_EXPORT"

This security flaw exists because, in the 1990s, the US government banned high-encryption keys from export. While US servers could have high-grade levels of crypto, exporting these was just forbidden. However, to communicate with worldwide users, the servers had to accept the lower, export-grade level of encryption of the non-US users.

As a matter of fact, the Logjam vulnerability could have been used by organizations with high power of computing power such as the NSA to crack VPNs, as it is consistent with the strategies described in the leaked PRISM documents.

How to protect yourself from Logjam

If you're reading, you must be using a browser. Well, Microsoft, Google and Mozilla are already deploying security fixes, so be sure to update your browser!
You can check if your browser is vulnerable here